<?php 
include_once('inc/init.php');
include_once('inc/functions.new-finger.php');

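// Define some variables.
$error_msg = "";
$error_msg_register = "";
$name = "";
$password = "";
// Read the address defensively: the key is absent on a plain page load, and a
// request can carry an array instead of a string.
// NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; confirm. It does
// not make the value safe for SQL or HTML, so each sink must escape for its own context.
$email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? stripslashes($_REQUEST['email']) : "";

// Redirect if logged in.
// NOTE(review): Finger_login() in this file stores the address under 'ses_email',
// not 'email'; confirm which key is the real "logged in" marker.
if (isset($_SESSION['email'])) {
	header("Location: index.php");
	// Stop here: header() alone does not end the script, so without exit the
	// form handling below would still run for an already authenticated user.
	exit;
}

// Verify if the form was sent.
if (isset($_REQUEST['action'])) {
	// Anything that is not a plain string cannot match a known action.
	$action = is_string($_REQUEST['action']) ? $_REQUEST['action'] : "";

	// Login
	if ($action === "login") {
		$password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? stripslashes($_REQUEST['password']) : "";
		if (strlen($email)==0) {
			$error_msg .= "<p> '<strong>Your e-mail address</strong>' field is empty. </p>";
		}
		if (strlen($password)==0) {
			$error_msg .= "<p> '<strong>Your password</strong>' field is empty. </p>";
		}
		// Only touch the database once the form itself is complete.
		if (strlen($error_msg)==0) {
			$error_msg = Finger_login($email, $password);
		}
	}
	// Register
	if ($action === "register") {
		$name = (isset($_REQUEST['name']) && is_string($_REQUEST['name'])) ? stripslashes($_REQUEST['name']) : "";
		$password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? stripslashes($_REQUEST['password']) : "";
		$password2 = (isset($_REQUEST['password2']) && is_string($_REQUEST['password2'])) ? stripslashes($_REQUEST['password2']) : "";
		if (strlen($name)==0) {
			$error_msg_register .= "<p> '<strong>Your name</strong>' field is empty. </p>";
		}
		if (strlen($email)==0) {
			$error_msg_register .= "<p> '<strong>Your e-mail address</strong>' field is empty. </p>";
		} elseif (!isMail($email)) {
			$error_msg_register .= "<p> '<strong>Your e-mail address</strong>' is not valid. </p>";
		}
		if (strlen($password)==0) {
			$error_msg_register .= "<p> '<strong>Password</strong>' field is empty. </p>";
		}
		if (strlen($password2)==0) {
			$error_msg_register .= "<p> '<strong>Repeat password</strong>' field is empty. </p>";
		}
		// Strict comparison: with != two different numeric-looking strings
		// (for example "1e3" and "1000") compare as equal and would be accepted
		// as a matching pair.
		if (strlen($password) >0 && strlen($password2) >0 && $password !== $password2){
			$error_msg_register .= "<p>Passwords don't match. </p>";
		}
		
		// Register user if no errors were found
		if (strlen($error_msg_register) == 0) {
			$error_msg_register = Finger_register($name, $email, $password);
			// An empty result means the account was created; log the user in right away.
			if (strlen($error_msg_register) == 0) {
				Finger_login($email, $password);
			}
		}
	}
}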

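/* login */
/**
 * Check an e-mail/password pair against the users table and open the session.
 *
 * On a match the session variables are filled in and the browser is redirected
 * (to a same-site "next" target when one is supplied, otherwise to index.php);
 * the script then ends, so the function does not return in that case.
 *
 * @param string $email    Address typed by the visitor (untrusted).
 * @param string $password Clear-text password typed by the visitor (untrusted).
 * @return string HTML error message when no matching row is found.
 */
function Finger_login($email, $password) {
	// The address comes straight from the request, so it is escaped before it is
	// placed inside the SQL string literal. The md5() output is hex only.
	// NOTE(review): unsalted MD5 is not a password hash. Moving to
	// password_hash()/password_verify() needs a coordinated change with
	// Finger_register() and the values already stored.
	$sql_cmd = "select * from users where email = '".mysql_real_escape_string($email)."' and password = '".md5($password)."'";
	$sql_query = mysql_query($sql_cmd);
	if ($sql_query === false) {
		// Keep the driver error in the server log; it can reveal schema details
		// if printed to the visitor.
		error_log("Finger_login query failed: ".mysql_error());
		die("A database error occurred. Please try again later.");
	}
	if (mysql_num_rows($sql_query)>0) {
		$sql_result = mysql_fetch_assoc($sql_query);
		// Issue a fresh session id at the privilege change so an id known before
		// login is not carried into the authenticated session.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}
		$_SESSION['ses_id'] = $sql_result['id'];
		$_SESSION['ses_email'] = $sql_result['email'];
		$_SESSION['ses_name'] = $sql_result['name'];
		$_SESSION['start'] = time();

		// "next" is request data: follow it only when it is a same-site relative
		// reference (no control characters or backslashes, no scheme, no leading
		// "//"), otherwise fall back to the home page.
		$next = (isset($_GET["next"]) && is_string($_GET["next"])) ? $_GET["next"] : "";
		$next_is_local = strlen($next) > 0
			&& !preg_match('#[\x00-\x1f\\\\]#', $next)
			&& !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $next)
			&& strpos($next, '//') !== 0;
		if ($next_is_local){
			header("Location: ".$next);
		}else{
			header("Location: index.php"); 
		}
		// header() does not stop execution; end the request once the redirect is queued.
		exit;
	} else {
		// urlencode() leaves only characters that are safe inside the href
		// attribute, so the address cannot break out of the link markup.
		return "<p> Bad password! Have you <a href=\"forgot_password.php?email=".urlencode($email)."\">forgot</a> your password?</p>";
	}
}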

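/**
 * Create a user account and send the welcome e-mail.
 *
 * @param string $name     Display name typed by the visitor (untrusted).
 * @param string $email    Address typed by the visitor (untrusted).
 * @param string $password Clear-text password typed by the visitor (untrusted).
 * @return string HTML error message when the address is already registered,
 *                or an empty string when the account was created.
 */
function Finger_register($name, $email, $password){
	// Both queries embed the address in a quoted SQL literal, so escape it once
	// here, the same way $name is escaped for the INSERT.
	$email_sql = mysql_real_escape_string($email);

	// Check if the email has been used before
	$sql_cmd = "select * from users where email = '".$email_sql."'";
	$sql_query = mysql_query($sql_cmd);
	if ($sql_query === false) {
		// Driver errors go to the server log, not to the visitor.
		error_log("Finger_register lookup failed: ".mysql_error());
		die("A database error occurred. Please try again later.");
	}
	if (mysql_num_rows($sql_query)>0) {
		return "<p>The e-mail address that you provided is in use, please login or type other e-mail.</p>";
	}

	// Create the new user
	// NOTE(review): unsalted MD5 is not a password hash. Moving to
	// password_hash()/password_verify() needs a coordinated change with
	// Finger_login() and the values already stored.
	$sql_cmd = "INSERT into users(email, password, timestamp, name) values('".$email_sql."','".md5($password)."','".time()."','".mysql_real_escape_string($name)."')";
	$sql_query = mysql_query($sql_cmd);
	if ($sql_query === false) {
		error_log("Finger_register insert failed: ".mysql_error());
		die("A database error occurred. Please try again later.");
	}

	// Send email
	// Strip CR/LF so the recipient value cannot add extra mail headers.
	$to      = str_replace(array("\r", "\n"), '', $email);
	$subject = 'The Finger For, Welcome';
	$body    = "Hello dear $name,\n\n";
	$body   .= "Welcome to The Finger For, this website tries to say NO to the things you don't like, by reasoning ";
	$body   .= "why that thing is not okay. You can let people see what you think about something and write their ";
	$body   .= "own opinions about it. Together we can make a good change!\n\n";
	$body   .= "Your account information is the following:\n";
	// The password is left out on purpose: mail is relayed and stored in clear
	// text, so it must not carry the credential.
	$body   .= "E-mail: $email\n\n";
	$body   .= "Best regards,\n";
	$body   .= "The Finger For Team.";
	// NOTE(review): the X-Mailer header discloses the exact PHP version to every recipient.
	$headers = 'From: ' . FROM_EMAIL . "\r\n" .'Reply-To: ' . FROM_EMAIL . "\r\n" .'X-Mailer: PHP/' . phpversion();
	mail($to, $subject, $body, $headers);

	// Explicit success value; the caller tests the result with strlen().
	return "";
}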
?>
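<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
<?php include_once('template/head.php');?> 
</head>

<body>
	<div id="wrap">
		<!-- header -->
		<?php include_once('template/header.php'); ?>
		<!-- body -->
		<div id="body">
			<div id="fingers">
				<!-- left start -->
				<div class="left_finger">
					<h1>Login</h1>
					<div class="body">
						<?php if (strlen($error_msg)>0) { ?>
						<div class="error">
							<?php /* $error_msg is markup built by this script, so it is printed as-is. */ echo $error_msg; ?>
						</div>
						<?php } ?>
						<?php /* PHP_SELF and QUERY_STRING are request-controlled: escape them for the attribute, using the charset the page declares. */ ?>
						<form name="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'], ENT_QUOTES, 'ISO-8859-1');?>" method="post">
							<p class="form_item">
								<span class="label"> Your e-mail address: </span>
								<span class="desc"> Please enter your e-mail address. </span>
								<input type="hidden" name="action" value="login" />
								<input value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1'); ?>" type="text" name="email" class="inputwb wide3x" />
							</p>
							<p class="form_item">
								<span class="label"> Your password: </span>
								<span class="desc"> Please enter your password. </span>
								<input value="" type="password" name="password" class="inputwb wide3x" />
							</p>
							<p class="form_item">
								<span class="desc">Let me in!</span>
								<input type="submit" class="orange_btn" value="Login" />
							</p>
						</form>
					</div>
				</div>
				<!-- left end -->
				
				<!-- right start -->
				<div class="right_finger">
					<h1 class="left">Register</h1>
					<div class="body">
						<?php if (strlen($error_msg_register)>0) { ?>
						<div class="error">
							<?php /* Markup built by this script, printed as-is. */ echo $error_msg_register; ?>
						</div>
						<?php } ?>
						<form name="register" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'], ENT_QUOTES, 'ISO-8859-1');?>" method="post">
						<p class="form_item">
							<span class="label"> Your name: </span>
							<span class="desc"> Nice to meet you! :) </span>
							<input value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1'); ?>" type="text" name="name" class="inputwb wide3x" />
							<input type="hidden" name="action" value="register" />
						</p>
						<p class="form_item">
							<span class="label"> Your e-mail address: </span>
							<span class="desc"> Please enter your e-mail address. </span>
							<input value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1'); ?>" type="text" name="email" class="inputwb wide3x" />
						</p>
						<p class="form_item">
							<span class="label"> Password: </span>
							<span class="desc"> Enter desired password. </span>
							<input value="" type="password" name="password" class="inputwb wide3x" />
						</p>
						<p class="form_item">
							<span class="label"> Repeat password: </span>
							<span class="desc"> Please repeat your password. </span>
							<input value="" type="password" name="password2" class="inputwb wide3x" />
						</p>
						<p class="form_item">
							<span class="desc">Sign me up!</span>
							<input type="submit" class="orange_btn" value="Register" />
						</p>
						</form>
					</div>
				</div>	
				<!-- right end -->
				<div class="clearer"></div>
			</div>
		
		</div>
		<!-- footer -->
		<?php include_once('template/footer.php'); ?>
	</div>
	<br /><br /> <!-- keep some space with the bottom -->
</body>
</html>
<?php mysql_close($db); ?>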